On Monday, September 12, 2011 12:08:56 PM Coy Hile wrote: > > On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow > > > > <morrowc.li...@gmail.com> wrote: > >> what's the real benefit of an EV cert? (to the service owner, not the > >> CA, the CA benefit is pretty clearly $$) > > > > The benefit is to the end user. > > They see a green address bar with the company's name displayed. > > > > Yeah, company's name displayed -- individuals cannot apply for EVSSL > > certs. > > > > > > With normal certs, the end user doesn't see a green address bar, and > > instead of the company's > > name displayed "(unknown)" is displayed and > > "This web site does not supply ownership information." is displayed. > > > > If you ask me, hiding the company's name even when present on a > > non-EVSSL > > cert is tantamount to saying "Only EV-SSL certs are really trusted > > anyways". > > > > So maybe instead of these shenanigans browser makers should have just > > started displaying a "don't trust this site" warning for any non-EVSSL > > cert. > As an academic aside, exactly what would one set on his (internal) > root CA so that internally-trusted certs signed by that CA would show > up as EV certs?
The certificate would need a authority specific OID included in the extension field and you would have to modify the browser to acknowledge the OID as legitmate. Regards, Cody Rose NOC & Sys Admin
signature.asc
Description: This is a digitally signed message part.
